When you’re building a site, regardless of its purpose, you focus on the things that matter like making it look great and work properly. Sometimes some of the most important facets slip under the radar.
When you load your site for the first time and a security warning pops up, you know you’ve forgotten a basic and crucial element: your SSL certificate.
Keep reading to learn how to install an SSL certificate on WordPress.
What Is an SSL Certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that encrypts the connection between a browser and the server a site is hosted on. To put it simply, HTTP (hypertext transfer protocol) is a set of rules used to transfer components of a website through the Internet.
The SSL certificate is actually the “s” in “https.” Without it, any information exchanged between your browser and the server would be visible to any and all points of contact between the two.
Additionally, it ensures that the information you’re receiving is actually coming from the website you’re visiting and the server it’s hosted on. Sites without SSL certificates installed could be malicious, and view sensitive data without your permission.
Related reading: A Beginner’s Guide to SSL >>
Can You Buy an SSL Certificate?
You can purchase SSL certificates from various Certificate Authorities (CAs) or their resellers. They also exist in various versions (from single-domain SSL certificates to multi-domain certificates) and with various pricing options.
To be able to buy an SSL certificate, you’ll need to create a CSR and private key. CSR (Certificate Signing Request) is an encrypted version of basic information about your website and its owner, including company name, country, state, etc.
Private key is the second part of the “key pair” that gets created alongside the CSR. It’s the most important component of the SSL certificate, as it authenticates your website to internet users. It helps encrypt the data transmitted to and from the site, as well as prevents others from impersonating your site.
Should you wish to explore our certificate pricing, we offer plenty of SSL options here at Nexcess. There are also free versions of SSL certificates like cPanel’s AutoSSL or Let’s Encrypt SSL certificates.
Is It Important to Install An SSL Certificate in WordPress?
The long and short of it is that 85% of people won’t buy from an unsecure website. But there are plenty of reasons why it is important to install an SSL certificate on your WordPress website too. Here are a few.
- Visitors on your website know they’re getting authentic content you’ve shared.
- Visitors and members on your website will know the data they’re sharing with you won’t be intercepted.
- Visitors on your website won’t be scared away by secure connection warnings.
Overall, having an SSL certificate on your WordPress website makes visitors feel secure and confident in their experience.
How To Install An SSL Certificate on WordPress
If you haven’t installed a certificate yet, you should put your website into maintenance mode to prevent any potential visitors from being unnecessarily potentially scared off.
Once you’ve bought an SSL certificate, do NOT install it in WordPress. This might seem confusing because there are plugins that install SSL on your site — but bear in mind that WordPress is a content management system. Your SSL certificate doesn’t (and shouldn’t) cover just content. What you’re concerned about is securing your connection to the web server.
Once you have an SSL certificate, you need to retrieve the private key that was created with it. Installing your SSL certificate is fairly easy. It’s a couple of steps that include navigating around your admin or portal and clicking a few buttons.
How to Install an SSL Certificate on Nexcess Plans
How you install SSL certificates actually depends on the type of a server or hosting plan your site uses. Below, you’ll find step by step instructions on how to install an SSL certificate on Nexcess fully managed hosting plans.
- Nexcess Cloud plans (Managed WordPress and Managed WooCommerce plans):
- Non-Cloud Nexcess plans:
How to Install an SSL Certificate on Non-Nexcess Plans
If you’re not on a Nexcess plan, here are some more guides on how to install an SSL certificate on your website.
Additional Concerns for SSL Certificates
Once you’ve installed your SSL certificate and your site is loading over the HTTPS protocol, there are some additional considerations.
Forcing a Secure Connection
Once you’ve learned how to install SSL on WordPress sites, you’ll want to make sure all the connections made to your site are secure. You can do so by adding one of the following snippets to the top of the .htaccess file for your website:
Mixed Content Errors
Sometimes when sites are created before the installation of the SSL certificate, links in the WordPress database will still contain the “http://” prefix.
Even though you forced secure connections, some images or external links will still get loaded over the non-secure protocol, causing broken padlocks or other warnings.
The easiest way to update those links would be to use a plugin (like Better Search Replace). If you’re familiar with WP cli, or the terminal in general, you might be more comfortable using wp search-replace command.
Pros of Implementing an SSL Certificate
There are many pros and cons of implementing SSL/HTTPS on your website. However, the benefits largely outweigh the disadvantages. Here are some of the top benefits:
- Trust — Visitors are more likely to get a sense of trust when seeing the padlock next to your site’s domain name in their browser’s address bar.
- Data validation — When a browser connects to the server through the HTTPS protocol, there’s a handshake process which validates that the data that was received is the same as the data that was sent.
- Data protection — Any sort of data exchanged through the secure connection will be encrypted and as such, it will be undecipherable to any third parties between the browser and the host server.
- SEO — Google rankings take HTTPS connections into account. As such, sites with SSL certificates installed on them that are forcing HTTPS connections will have higher rankings.
How To Renew Your SSL Certificate
If some time has passed since you learned how to install the SSL certificate, the deadline for SSL certificate renewal might be close. If you purchased an SSL certificate, your CA may have reminded you already.
If you’re sticking with the same type of SSL certificate, it’s quite possible they’ll be renewing it on their end using the same CSR. They will just provide you with an invoice and a new certificate which you’ll need to install again.
Otherwise, they’ll provide further instructions. If you’ve decided to go with the free version, such as Let’s Encrypt or AutoSSL, the renewal time will come much sooner, as these certificates are valid for only 90 days. However, renewals are usually handled automatically on the server side as long as your domain is pointed directly to the server it’s hosted on.
Consider WordPress Hosting With Nexcess
There are many different Wordpress hosting providers out there, as well as many certificate authorities and resellers you could get the SSL certificates from.
All Nexcess hosting plans include free Let’s Encrypt SSL certificates. That means you don’t have to worry about cost, renewals, or installations — just one of the many benefits of fully managed hosting by Nexcess.
Managed WordPress and WooCommerce plans are hosted on servers that are optimized exclusively for WordPress sites. Our outstanding support team is happy to assist you with SSL needs as well as the additional concerns you may have about ensuring your site’s security.
Check out our fully managed WordPress and WooCommerce hosting plans to get started today.